Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Winfixer [RESOLVED]

ringobjm

Posted 09 October 2005 - 12:07 PM

ringobjm

New Member

Member

5 posts

Have been having problems with Winfixer for a couple days now. I have Ad Aware, Spybot, Microsoft Anti Spyware, and AVG anti virus running, and always keep them updated, scanning regularily.I have done everything it says to do on your "preparation" page to no avail.Spybot has picked it up once (winfixer) but has not been able to stop it.I have downloaded and installed/run Hijack This. Below is my log file.Any help getting rid of this would be greatly appreciated. Thank you.

Advertisements

greyknight17

Posted 09 October 2005 - 12:20 PM

greyknight17

Malware Expert

Visiting Consultant

16,560 posts

Welcome to GTG.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

* Double-click VundoFix.exe to extract the files.* After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key (or F5 in some machines) until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.* Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat* Please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\vtutq.dll

* Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.* When asked for a second path, enter -> C:\WINDOWS\system32\qtutv.** Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.* The fix will run then HijackThis will open.* In HijackThis, please place a check next to the following items and click FIX CHECKED:

C:\WINDOWS\system32\gebyy.dllC:\WINDOWS\system32\yybeg.* - delete any files that begin with yybeg

* After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.* Pressing any key will cause a 'Blue Screen of Death' this is normal, do not worry!* Once your machine reboots please continue with the instructions below.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).Set the program up as follows:Click 'Options...'Move the arrow down to 'Custom CleanUp!'Put a check next to the following (Make sure nothing else is checked!):

ringobjm

Posted 09 October 2005 - 12:42 PM

ringobjm

New Member

Topic Starter

Member

5 posts

Tried steps as suggested. Booted into safe mode and ran KillVundo.bat
First path suggested worked fine but second path cannot be found...C:\WINDOWS\system32\qtutv.*
Tried several times but keeps saying file can't be found.
Help!

greyknight17

Posted 09 October 2005 - 03:16 PM

greyknight17

Malware Expert

Visiting Consultant

16,560 posts

Let's try this again, delete the VundoFix files you have there. I want you to download them again (see below).

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.

* Double-click VundoFix.exe to extract the files.* After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key (or F5 in some machines) until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.* Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat* Please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\vtutq.dll

* Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.* When asked for a second path, enter -> C:\WINDOWS\system32\qtutv.** Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.* The fix will run then HijackThis will open.* In HijackThis, please place a check next to the following items and click FIX CHECKED:

* After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.* Pressing any key will cause a 'Blue Screen of Death' this is normal, do not worry!* Once your machine reboots please continue with the instructions below.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).Set the program up as follows:Click 'Options...'Move the arrow down to 'Custom CleanUp!'Put a check next to the following (Make sure nothing else is checked!):

greyknight17

Posted 09 October 2005 - 07:39 PM

greyknight17

Malware Expert

Visiting Consultant

16,560 posts

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes: